The present invention relates to a method for performing remote operations in which various types of control devices are operated using an information system network, such as the Internet, that can be used by any number of people. More specifically, the present invention relates to a method for performing remote operations in which multiple users can operate devices in an exclusive manner while allowing signals over the network to be kept secret from third parties.
A conventional example of remote operations is the use of a console at a monitoring and control room to send signals over a dedicated line for starting and stopping pumps at sewage disposal plants and drainage plants. Recently, remote operations of various types of control devices have been performed through standard information system networks using Internet and intranet technology. This makes it possible to operate various control devices from any location (data terminal) that is connected to the information system network. Also, technologies such as Java applets can be used so that software is downloaded and run when needed, thus eliminating the need for prior distribution of the software required for operating the control devices to the operators' data terminals.
With the growth of the Internet, which can allow access by any number of people, the need to protect information going through networks has grown, and various encryption technologies have been proposed and implemented. As is described in "Applied Cryptography" (pp. 1-4, pp. 197-198), encryption methods can be broadly divided into two categories. One category is public-key encryption and the other is common-key encryption.
In public-key encryption methods, the key used by the party performing encryption (the public key) is different from the key used by the party performing decryption (the private key), and only the public key is disclosed to the other party (the decrypting party). This method does not require private keys to be sent from the encrypting party to the decrypting party, and has the advantage that N+1 data terminals can exchange messages using the same combination of keys, where the N+1 terminals consist of N decrypting data terminals and one encrypting data terminal. On the other hand, public-key encryption is generally time-consuming.
In the other method, common-key encryption, the same key is used for both encryption and decryption, and this key is kept secret from third parties. The private key must be sent to the other party. Thus, N keys are required for 1-to-N communications (where there is one encrypting data terminal and N decrypting data terminals). However, the processing time required for this encryption method is generally short.
Encryption of information does not provide absolute security, however. If the same information is repeatedly encrypted with the same key, the same ciphertext would be generated, and a third party can take advantage of these identical ciphertexts. Therefore, it is necessary to generate different ciphertexts even when the same information is being sent. The technology to achieve this is known as the one-time password method. An example of the one-time password method is when the current time is used. If the current time is added to the information before encryption, the ciphertext will always be different since the current time will be continuously changing. Thus identical ciphertexts will not be generated even if the same information is being encrypted.
When remote operations are performed through a standard information system network such as the Internet, there are relatively few types of control signals that are used for remote operations, and these signals are short. Thus, to improve security, encryption must be performed with one-time passwords. Also, since control signals can be sent from any operating terminal, the control signal decrypted by the controller is not always valid.
The object of the present invention is to provide a method for performing remote operations which, when using a network to remotely operate various types of control devices, maintains secrecy of signals going through the network from third parties and allows multiple users to perform operations in an exclusive manner.
In accordance with the present invention, this is achieved by preparing a program on the controller that performs a series of operations involving public keys and signals. When a user request is received, this program is transferred to the operating terminal. In the method for performing remote operations according to the present invention, this program generates a common key and a random next operating rights code on the operating terminal. These are placed in a signal and encrypted using the public key, and the result is sent to the controller. The common key and the next operating rights code are also stored in the operating terminal.
The controller receives the transferred encrypted message and decrypts it with the private key corresponding to the public key to obtain the common key and the next operating rights code. These are registered in the controller. Subsequent encryption and decryption operations are performed using this common key.
The program displays an interface on the screen to allow the user to enter control signals. When a control signal is received from the user, another random next operating rights code is generated. The common key is used to encrypt a signal containing the control signal, the next operating rights code, and the current operating rights code (i.e., the next operating rights code generated from the previous operation), and this is sent to the controller. The next operating rights code is stored in the operating terminal. The controller uses the common key to decrypt the transferred encrypted message to obtain the control signal, the current operating rights code, and the next operating rights code. The current operating rights code is checked to see if it matches an operating rights code registered in the controller. If there is a match, the control signal is sent to the control device. The next operating rights code is registered in the controller.
To allow multiple users to perform operations from operating terminals according to fixed rules, the controller is equipped with a table having information about common keys, operating rights codes, and modes. Even if an operating terminal has a correct common key and operating rights code, control signals will not be transferred to the control device if its mode is invalid. The validity and invalidity of modes are switched using special control signals, and modes are changed in response to an input sent from operating terminals or from changes in the contents of the table.
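The message exchange described above, as an added example that is not part of the original description: the terminal sends each control signal together with the current and a freshly generated next operating rights code under the common key, and the controller forwards the signal only when the current code matches its table entry and the entry's mode is valid. The public-key step that delivers the common key and first code is abstracted into a direct registration call, the common-key cipher is a constructed HMAC-keystream stand-in (the text names no cipher), and the terminal identifier `tid` used to select the table row is an assumption.

```python
import hashlib, hmac, json, os

def keystream_xor(key, nonce, data):
    # Stand-in common-key cipher (constructed; the page names none): HMAC-SHA256 counter keystream XOR data
    stream = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def encrypt(key, obj):
    nonce = os.urandom(12)                       # fresh per message, so equal signals differ
    return nonce + keystream_xor(key, nonce, json.dumps(obj).encode())

def decrypt(key, blob):
    return json.loads(keystream_xor(key, blob[:12], blob[12:]))

class Controller:
    def __init__(self):
        self.table, self.forwarded = {}, []     # forwarded: signals passed on to the device

    def register(self, tid, common_key, first_code):
        # The public-key delivery of these two values is abstracted away here (assumption).
        self.table[tid] = {"key": common_key, "rights": first_code, "mode": "valid"}

    def receive(self, tid, blob):
        entry = self.table.get(tid)
        if entry is None:
            return "unknown terminal"
        try:
            msg = decrypt(entry["key"], blob)
        except ValueError:
            return "rejected: undecryptable"
        if not hmac.compare_digest(msg["current"], entry["rights"]):
            return "rejected: operating rights code mismatch"   # replayed or stale message
        entry["rights"] = msg["next"]           # roll forward; the used code is now dead
        if entry["mode"] != "valid":
            return "rejected: mode invalid"     # correct key and code are not enough
        self.forwarded.append(msg["control"])
        return "forwarded"

class Terminal:
    def __init__(self, tid, controller):
        self.key, self.next_code = os.urandom(32), os.urandom(16).hex()
        controller.register(tid, self.key, self.next_code)

    def send(self, control):
        new_code = os.urandom(16).hex()         # random next operating rights code
        blob = encrypt(self.key, {"control": control, "current": self.next_code, "next": new_code})
        self.next_code = new_code               # stored locally for the next operation
        return blob
```

The code is rolled forward even when the mode check then rejects the signal, so terminal and controller stay in step; the text leaves that ordering open, so it is an assumption.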